Isn't anyone out there using standard recommended security settings with their IEM system? An Ivanti Tech Support agent told me most people just use HTTP, but there's got to be someone else that requires a secure configuration. There doesn't seem to be a global setting to configure the system to use only SSL and FQDN for all the Web links, but there must be a way, right?

On the Core's (and console's) own login screen (where you select the Core name), use the FQDN of the Core. There's a bunch of places in the console that use "what you connect to the Core as" ... so if you use the NETBIOS name there, then those things will use a NETBIOS name as well. Using the FQDN consistently is good. So that "core name" is not just for looks! That part is quite important!

The second thing to get right is to make sure you use the FQDN in the agent setting "Client Connectivity". That's the "one stop shop" for clients to know how they address the Core server. If you update your existing agent setting, clients will pull the updated info the next time they run vulscan (it checks for updates to agent settings every time it starts).

Yes, we are doing those things, but there are many items that still use http and/or the short name. Executive reports, Barcode form groups, etc. What I need to accomplish is to have any URL that this system generates be formatted to begin with: “https://serverFQDN/...”.

Well, I don't have all the details, but we seem to have found an answer. We had to update the URL Rewrite in IIS to v.2 (download from Microsoft), then create an inbound rule on the Default Web Site, using a regex to identify and redirect to HTTPS with the FQDN. This causes the redirect to apply to everything under that Default site. Ivanti said they would submit the ability to manage this as an enhancement request.

...however. It appears that the IEM tool is simply not built to run with all communications secure. We found that setting the URL rewrite at the Default site level causes some functions to break, and we've had to disable that rule on specific sites, such as ApmService and InventoryConnector.
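
A sketch of the kind of IIS URL Rewrite configuration the last two posts describe, added here as an example; it is not the poster's or Ivanti's actual rule. Assumptions: `core.example.com` is a placeholder FQDN, the rule names are made up, and `ApmService` and `InventoryConnector` are taken to be applications directly under the Default Web Site.

```xml
<!-- web.config at the root of the Default Web Site (added example) -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Hypothetical rule name. Leaves the services named in the thread
             untouched so they never see the redirect. The paths are an
             assumption about where those applications are mounted. -->
        <rule name="SkipRedirectForAgentServices" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{REQUEST_URI}"
                 pattern="^/(ApmService|InventoryConnector)(/|\?|$)" />
          </conditions>
          <action type="None" />
        </rule>

        <!-- Hypothetical rule name. Redirects when the request is plain HTTP
             OR was addressed to anything other than the FQDN (short name,
             IP address). core.example.com is a placeholder. -->
        <rule name="ForceHttpsAndFqdn" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAny">
            <add input="{HTTPS}" pattern="^OFF$" />
            <add input="{HTTP_HOST}" pattern="^core\.example\.com$"
                 negate="true" />
          </conditions>
          <!-- REQUEST_URI already carries the path and query string, so the
               query string is not appended a second time. A temporary
               redirect is used so browsers do not cache it while the
               exclusion list is still being worked out. -->
          <action type="Redirect"
                  url="https://core.example.com{REQUEST_URI}"
                  appendQueryString="false"
                  redirectType="Temporary" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Rule order matters: the skip rule has to come first, and its `stopProcessing="true"` is what keeps the redirect rule from running for the excluded paths.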